Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 06 Dec 2006 02:07:16 -0800
From:      Colin Percival <cperciva@freebsd.org>
To:        freebsd security <freebsd-security@freebsd.org>
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-06:25.kmem
Message-ID:  <45769654.5050307@freebsd.org>
In-Reply-To: <200612060933.kB69XErN083086@freefall.freebsd.org>
References:  <200612060933.kB69XErN083086@freefall.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
FreeBSD Security Advisories wrote:
> FreeBSD-SA-06:25.kmem                                       Security Advisory
>                                                           The FreeBSD Project
> ...
> III. Impact
> 
> A user in the "operator" group can read the contents of kernel memory.
> Such memory might contain sensitive information, such as portions of
> the file cache or terminal buffers.  This information might be directly
> useful, or it might be leveraged to obtain elevated privileges in some
> way; for example, a terminal buffer might include a user-entered
> password.

For what it's worth, there was a lot of debate about whether this deserved
an advisory: Members of the operator group are allowed (by default, at least)
to read raw disk devices, so being able to read kernel memory really isn't
very much of a privilege escalation.  In the end I decided to go ahead with
this advisory largely because we were already planning on issuing an advisory
this week (for a far more serious issue in GNU tar), but if a similar issue
arises next month, we might decide not to bother with an advisory.

I'd be interested to hear opinions from the FreeBSD community about whether
this sort of issue is one which anyone really cares about.

Colin Percival
FreeBSD Security Officer



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45769654.5050307>